Data Loss Doesn’t Always Mean Getting Hacked

Friday, February 03, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and burglarized.

This is an unfortunate example of an employee taking home a laptop or storage device from the office resulting in a serious data breach.

The thief may have no idea what he has in his hands, but the damage is done, the data is breached.

UCLA had to send letters to all 16,000 plus affected warning that there is a possibility their identities could be stolen. On top of that they had to hire an identity theft protection firm to cover each breached record in the hopes the service will mitigate the loss.

Data loss like this may cost UCLA hundreds of thousands of dollars by the time the dust settles.

The documents stolen were birth certificates, home addresses, medical documents and numerical medical identifiers. The information breached did not include Social Security numbers or financial information.

Meanwhile reports state the data was encrypted, but the password to access the encrypted data was on a piece of paper near the laptop, which hasn’t been located either.

Based on the reports, an identity thief would have a hard time actually using the data stolen to commit new account fraud or account takeover. Nonetheless UCLA’s response has been comprehensive and designed to reduce risk in any capacity.

Data breaches cost big bucks. Smart data security practices if done right are inexpensive and cost effective. Encryption in this scenario failed due to a password on a sticky note near the laptop.

The lack of a home security system in the doctor’s home office contributed to the data loss. Putting layers of protection in both a business and home setting is an absolute must.

Robert Siciliano personal and small business security specialist to ADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Possibly Related Articles:
11766
Breaches
Healthcare Provider
Data Loss Encryption Identity Theft Physical Security Healthcare Laptop Personally Identifiable Information breach Password Management hack Robert Siciliano UCLA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.